11 December 2012

TEN STEPS : What To Do if Your Data is Being Held for Ransom

We have your data. Fork over the money!

For the past few months, so-called 'Ransomware' has been very popular among online criminal gangs. A computer is infected with malware which encrypts some or all of the data on the computer, and the criminals demand a payment to restore the machine to normal.

This ofen comes with a fake warning from the national law enforcement agency of the location of the computer, such as the FBI in the US, and geo-locates the payment to dollars or Euros as appropriate. Sometimes the warning claims pirated content or illegal pornography has been found on your machine. While we don't know what you have been downloading, we can say this: Law enforcement won't infect your computer and demand ransoms.

So, what to do, and how to avoid being held to ransom for your favorite grandkid's pictures, your PhD dissertation, or that quarterly report you've been working on for weeks?

1. Do not try to remove the malware yourself. Some variants have trip-wires built in that erase your data permanently if you do the wrong thing.

2. Back up your files religiously.

By religiously we mean constantly, at least several times a day. You can do this automatically with many back-up programs like Apple's Time Machine that back up changed files every hour, and then all files once a day.

3. Use Cloud Services for important data - keep stuff you can't live without somewhere else, like a central server if your organization has one, or box.com, dropbox.com, Google drive, etc.

4. Keep your software and operating system up to date every day! Use Windows Update set to automatically install updates, and Secunia, to alert you to updates to your other applications, if you are a PC user. Apple machines also have automatic checks for software and OS updates.

5. Run anti-virus software. Yes, even if you have an Apple computer! While A/V software can miss some viruses, it generally catches up pretty quickly and is your first line of defense.

7. If you are infected, and have anti-virus software that failed to detect the malware - wait if you can. As variations of the malware come out, so too do updates to anti-virus programs - see if you can update your a/v software, as it may be able to decrypt the stolen data.

8. If you have backups, or your data is stored on a cloud service, have an expert help wipe your machine completely clean, reinsstall your operating system and software, and then restore your data from a backup version prior to the infection.

9. If you are really stuck - as a last resort, pay the ransom. Paying the ramsom reportedly works in some cases. But try everything else first, because it may just tell the criminals that you're a live one, so they can come back for more.

While we don't encourage people to give money to criminals, if the data is irreplacable, you may have to give this a try if all else fails.Then start making backups. If you need to buy a backup disk, do so, now that you know what a good investment it is.

Comments

TEN STEPS : What To Do if Your Data is Being Held for Ransom

We have your data. Fork over the money!

For the past few months, so-called 'Ransomware' has been very popular among online criminal gangs. A computer is infected with malware which encrypts some or all of the data on the computer, and the criminals demand a payment to restore the machine to normal.

This ofen comes with a fake warning from the national law enforcement agency of the location of the computer, such as the FBI in the US, and geo-locates the payment to dollars or Euros as appropriate. Sometimes the warning claims pirated content or illegal pornography has been found on your machine. While we don't know what you have been downloading, we can say this: Law enforcement won't infect your computer and demand ransoms.

So, what to do, and how to avoid being held to ransom for your favorite grandkid's pictures, your PhD dissertation, or that quarterly report you've been working on for weeks?

1. Do not try to remove the malware yourself. Some variants have trip-wires built in that erase your data permanently if you do the wrong thing.

2. Back up your files religiously.

By religiously we mean constantly, at least several times a day. You can do this automatically with many back-up programs like Apple's Time Machine that back up changed files every hour, and then all files once a day.

3. Use Cloud Services for important data - keep stuff you can't live without somewhere else, like a central server if your organization has one, or box.com, dropbox.com, Google drive, etc.

4. Keep your software and operating system up to date every day! Use Windows Update set to automatically install updates, and Secunia, to alert you to updates to your other applications, if you are a PC user. Apple machines also have automatic checks for software and OS updates.

5. Run anti-virus software. Yes, even if you have an Apple computer! While A/V software can miss some viruses, it generally catches up pretty quickly and is your first line of defense.

7. If you are infected, and have anti-virus software that failed to detect the malware - wait if you can. As variations of the malware come out, so too do updates to anti-virus programs - see if you can update your a/v software, as it may be able to decrypt the stolen data.

8. If you have backups, or your data is stored on a cloud service, have an expert help wipe your machine completely clean, reinsstall your operating system and software, and then restore your data from a backup version prior to the infection.

9. If you are really stuck - as a last resort, pay the ransom. Paying the ramsom reportedly works in some cases. But try everything else first, because it may just tell the criminals that you're a live one, so they can come back for more.

While we don't encourage people to give money to criminals, if the data is irreplacable, you may have to give this a try if all else fails.Then start making backups. If you need to buy a backup disk, do so, now that you know what a good investment it is.